Install and Configure UFW Firewall on Ubuntu 16.04

Introduction

Security is an important thing to consider when you run your own server. UFW (Uncomplicated Firewall) is a frontend for managing firewall rules that is easy to use for host-based firewalls. It is used through the command line and aims to make firewall configuration easy.

Iptables is one of the most popular firewall tools used by system administrators. It is used to manage and secure incoming and outgoing connections on the server, but iptables runs in console mode and is very complex to manage and configure. UFW is a firewall application used to manage an iptables-based firewall on Ubuntu; it provides a framework for managing netfilter rules as well as a command-line interface for controlling the firewall rules.

You can allow and block various services by port, network interface and source IP address using the UFW firewall. If you are a beginner and are looking to get started securing your network, UFW is the right choice for you.

In this tutorial, we will learn the UFW commands with different options to secure various services on Ubuntu 16.04.

Ubuntu-16.04 installed on your system

A non-root user account with sudo privilege set up on your system

Installing UFW

In Ubuntu 16.04, UFW is installed by default. If not, you can easily install it by running the following command:

sudo apt-get install ufw

You can also check the status of UFW by running the following command:

sudo ufw status

You should see the following output:

Status: inactive

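If you see the above output, UFW is not active. You can enable it by running the following command. If you are connected over SSH, make sure a rule allowing SSH is in place first, because the default policy denies incoming connections and enabling the firewall can cut off your session.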

sudo ufw enable

You should see the following output:

Firewall is active and enabled on system startup

To disable it, run the following command:

sudo ufw disable

List Out the Current UFW Rules

You can list the default firewall rules by using the following command:

Now, to remove any of these rules, you will need to use these numbers.

sudo ufw delete [number]

For example, if you want to remove rule number 3, run the following command:

sudo ufw delete 3

If you need to go back to default settings, simply type in the following command. This will revert any of your changes.

sudo ufw reset

Logging UFW Firewall Events

Firewall logs are necessary for troubleshooting your firewall rules and for noticing unusual activity on your network. So you must add logging rules to your firewall.
The ufw log file is located at /var/log/ufw.log

Low logging level: logs all blocked packets not matching the default policy, as well as packets matching logged rules.

Medium logging level: logs everything in low, plus all allowed packets not matching the default policy, all INVALID packets, and all new connections.

High logging level: logs everything in medium, plus all packets with rate limiting.
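
As an added example (not part of the original tutorial), the following shell function reads log lines in the format UFW writes to /var/log/ufw.log and reports, per source address, how many packets were blocked and how many distinct destination ports were hit, which makes scan-like activity easy to spot. The function names, the threshold argument and the sample log lines are constructed for illustration.

```bash
# Constructed sample lines in the kernel log format used in /var/log/ufw.log.
# Addresses come from documentation ranges; nothing here is real traffic.
sample_ufw_log() {
cat <<'EOF'
Mar  3 10:15:01 web1 kernel: [ 1201.100000] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 web1 kernel: [ 1202.100000] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4412 DF PROTO=TCP SPT=40113 DPT=3389 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:03 web1 kernel: [ 1203.100000] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4413 DF PROTO=TCP SPT=40114 DPT=445 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:04 web1 kernel: [ 1204.100000] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4414 DF PROTO=TCP SPT=40115 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:16:10 web1 kernel: [ 1270.200000] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=71 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=5353 DPT=53 LEN=51
Mar  3 10:16:11 web1 kernel: [ 1271.200000] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=77 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Mar  3 10:17:00 web1 kernel: [ 1320.300000] [UFW ALLOW] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=900 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

# ufw_block_report MIN_PORTS [FILE...]
# Prints "source blocked_packets distinct_ports" for every source that was
# blocked on at least MIN_PORTS distinct destination ports, busiest first.
ufw_block_report() {
    min_ports=$1; shift
    awk -v min="$min_ports" '
        /\[UFW BLOCK\]/ {                  # ignore ALLOW/AUDIT lines from higher log levels
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "") next            # truncated or malformed line
            packets[src]++
            # ICMP has no DPT: count the packet, but not as a port
            if (dpt != "" && !seen[src, dpt]++) ports[src]++
        }
        END {
            for (s in packets)
                if (ports[s] + 0 >= min) print s, packets[s], ports[s] + 0
        }
    ' "$@" | sort -k2,2nr -k1,1
}

# Demo on the constructed sample; reads standard input when no file is given.
sample_ufw_log | ufw_block_report 1
```

On a live host, pass the log file instead, for example `ufw_block_report 3 /var/log/ufw.log`, using sudo if your account cannot read the file.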

UFW Graphical Interface

GUFW is a graphical interface for ufw. By default, Ubuntu 16.04 does not come with GUFW. You can install it from the Ubuntu repository.

You can install it by simply running the following command:

sudo apt-get install gufw

Advanced UFW Rules

You can do everything with ufw that iptables can do. You can add only simple rules using the command line. If you want to add more advanced rules, you can do so by editing several ufw config files.

/etc/default/ufw : This is the main ufw config file for default policy and kernel modules.

/etc/ufw/before.rules : Rules in this file are evaluated before any rules added via the ufw command.

/etc/ufw/after.rules : Rules in this file are evaluated after any rules added via the ufw command.

By default UFW allows DHCP, ping and loopback. You can disallow this by editing the before.rules file.

Conclusion

Now you have enough knowledge to install and configure the UFW firewall on your server. UFW is a very flexible tool, so you can use it in a production environment with different options to match your specific needs if they aren't covered here.
